[Freeipa-devel] [PATCH 0170] Detect and warn about invalid forwardzone configuration
Martin Basti
mbasti at redhat.com
Thu Dec 11 15:50:56 UTC 2014
Updated patch attached:
diff with previous:
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index f9d8321..7a80036 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -1735,7 +1735,7 @@ def _normalize_zone(zone):
def _get_auth_zone_ldap(name):
"""
- Find authoritative zone in LDAP for name
+ Find authoritative zone in LDAP for name. Only active zones are
considered.
:param name:
:return: (zone, truncated)
zone: authoritative zone, or None if authoritative zone is not in LDAP
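Review bot: The `truncated` half of the `(zone, truncated)` return tuple is not described in the visible part of this docstring, which explains only `zone`. If `truncated` means the LDAP search hit a size or time limit (not shown in this hunk), a `None` zone is not conclusive, and a caller deciding whether to emit the forward-zone warning needs to know that. Consider adding `truncated: True if the LDAP search result was incomplete; a None zone is then not conclusive`. The same gap exists for `:return: (match, truncated);` in the `_get_longest_match_ns_delegation_ldap` hunk. The docstring continues past the end of this hunk, so this may already be covered further down.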
@@ -1781,10 +1781,10 @@ def _get_auth_zone_ldap(name):
def _get_longest_match_ns_delegation_ldap(zone, name):
"""
- Finds record in LDAP which has the longest match with name.
+ Searches for deepest delegation for name in LDAP zone.
- NOTE: does not search in zone apex, returns None if there is no NS
- delegation outside of zone apex
+ NOTE: NS record in zone apex is not considered as delegation.
+ It returns None if there is no delegation outside of zone apex.
Example:
zone: example.com.
@@ -1799,9 +1799,8 @@ def _get_longest_match_ns_delegation_ldap(zone, name):
:param zone: zone name
:param name:
- :return: (record, truncated);
- record: record name if success, or None if no such record exists, or
- record is zone apex record
+ :return: (match, truncated);
+ match: delegation name if success, or None if no delegation record
exists
"""
assert isinstance(zone, DNSName)
assert isinstance(name, DNSName)
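Review bot: `:param name:` is still empty even though the return description next to it is being rewritten, so a reader cannot tell what kind of name is expected. Something like `:param name: DNS name whose deepest delegation inside zone is searched for` would match the new summary line; the exact wording should be confirmed against the callers. `_get_auth_zone_ldap` has the same blank `:param name:` in the first hunk. The function body continues outside this hunk.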
@@ -1846,7 +1845,6 @@ def _get_longest_match_ns_delegation_ldap(zone, name):
# test if entry contains NS records
for entry in entries:
- print entry
if entry.get('nsrecord'):
matched_records.append(entry.single_value['idnsname'])
@@ -3444,7 +3442,7 @@ class dnsrecord(LDAPObject):
def warning_if_ns_change_cause_fwzone_ineffective(self, result, *keys,
**options):
"""Detect if NS record change can make forward zones
ineffective due
- missing delegation. Run after parent's execute method method.
+ missing delegation. Run after parent's execute method.
"""
record_name_absolute = keys[-1]
zone = keys[-2]
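Review bot: The docstring still reads "ineffective due missing delegation" after the duplicated "method" is fixed. While this line is being touched, it could read `ineffective due to missing delegation. Run after parent's execute method.` The method body continues outside this hunk.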
--
Martin Basti
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0170.5-Detect-and-warn-about-invalid-DNS-forward-zone-confi.patch
Type: text/x-patch
Size: 17035 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141211/8b0dd80a/attachment.bin>